Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How Convert Offset To VA

Bl@ck Virus
Bl@ck Virus
in x64dbg

Featured Replies

Posted

hello all

how can I convert Some DLL Offset address to VA ?

Quote

i want to convert this address to VA 

i attach DLL file too

4ouwhmy5yi7w4qw8xjwi.jpg

can i do it directly by x64dbg ? 

tnx in advance 

am.dll

To convert file offset to VA you should take a look at PE section table and find what of the section contain the raw offset that you need.

When you find the section there is a formula to calculate it:

your_offset - raw_offset_of_section_that_contain_your_offset + virtual_address_of_section_that_contain_your_offset + IMAGE_BASE = VA

Hope it helps

regards

  • Author
2 minutes ago, crystalboy said:

To convert file offset to VA you should take a look at PE section table and find what of the section contain the raw offset that you need.

When you find the section there is a formula to calculate it:

your_offset - raw_offset_of_section_that_contain_your_offset + virtual_address_of_section_that_contain_your_offset + IMAGE_BASE = VA

Hope it helps

regards

tnx for you answer 

but is it any application to do it automatically ?

 

Yes there is:

PETools (Tools -> PE Editor (select your dll) -> FLC -> Select File offset -> insert your value and press Calculate)

CFF Explorer (Drag and drop your DLL on it and press on Address Converter)

Hope it helps

Regards

 

    • Like 4
    • Author
    Just now, crystalboy said:

    Yes there is:

    PETools (Tools -> PE Editor (select your dll) -> FLC -> Select File offset -> insert your value and press Calculate)

    CFF Explorer (Drag and drop your DLL on it and press on Address Converter)

    Hope it helps

    Regards

     

    thanks again mate :)

    x64dbg supports it directly. Use: 

    kernel32.dll:#1234

    To go to kernel32.dll at offset 0x1234. You can also go to a relative address like this: 

    x64dbg.exe:$1234

    Greetings

    • Like 2
    • Author
    On 3/16/2016 at 11:43 PM, Mr. eXoDia said:

    x64dbg supports it directly. Use: 

    
kernel32.dll:#1234

    To go to kernel32.dll at offset 0x1234. You can also go to a relative address like this: 

    
x64dbg.exe:$1234

    Greetings

    thanks for your answer Sir

    but i`m newbie with x64dbg and i don`t know how I can use this " kernel32.dll:#1234 " 

    do you have any video that can help me more ?

    tnx agian

    Use Ctrl + G (goto) and type it there

    • Like 1
    • Author
    2 hours ago, Mr. eXoDia said:

    Use Ctrl + G (goto) and type it there

    tnx very very much

    I love your Debugger....!

    • Like 1

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.